307bfbec00a7086955b73740ed829bfd931ab8cf5c44a62c587f025f0324fc2e

Analysis

max time kernel
223s
max time network
254s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

020ba3afe8daac1cc14882af0425b8ed.html
Size

1KB
MD5

020ba3afe8daac1cc14882af0425b8ed
SHA1

bef1fcaf43fa0e00318416f1c57bd5c963040d69
SHA256

307bfbec00a7086955b73740ed829bfd931ab8cf5c44a62c587f025f0324fc2e
SHA512

5538f285a7d3af1aa765be1ddd5d22c856f81f8034301e431499099be514651ddbb2e9e8ceae3b45efd4a9a0a9c9792fca1063b6fcf793d8a4df99455af06c58

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCEE8C41-A692-11EE-9B2E-42DF7B237CB2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000dfb9e21820a00360f851aa657cf18b620a114684a75cf983e5d436637d3c5b28000000000e8000000002000020000000819fb4659e32e3cc97d0a43ccb6ef35189b043328272dc6f5edcab0a3143675520000000f8e93cbe1a500f3b845b42a2e08d9ad860c891addf316883545751f1e00b9d1940000000f5f109406f648831c3392c38952f22b44d9d97777a215cd6c9f6f961516448834a2d07f03fd27207d8c3dd561d78eca2026251e10335255f88ae87c3936f47aa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000217dc1be669f6bc12eee2e9baa3cca40ce105f2c49c0900fd48202578d7a6c4d000000000e8000000002000020000000b70fcb8166519472d4408d15321be79cbe4c6553a6ef272efd457579aea578c390000000c0f2244258be632a15b65d90a8e85ef498bf20a28b8fd60677ffeafd47eb77a893d688f83a754aa25f85f60133b353e662ca8df370d21eb0bc82a73ece11ad6b6f058d8e778f296463b268d4a336787751d2d1559984e2bc2a05903dfc07b6f927d5c2ec6940243b0c874a9d9099a072e692a2156048db105134cccbbc309cc830ce5af066ce3f67381be9fd9c6e1e804000000044ccf6e4d438121634a149ebae9ac7593e5ef5238c93c0e733c03edd3c99274072569f5e4f9fd4df50c03b538a1826f0712c10f09e968adeb67ec9d85815128e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200743e49f3ada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410047965"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2836	2604	iexplore.exe	28
PID 2604 wrote to memory of 2836	2604	iexplore.exe	28
PID 2604 wrote to memory of 2836	2604	iexplore.exe	28
PID 2604 wrote to memory of 2836	2604	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\020ba3afe8daac1cc14882af0425b8ed.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4471fc426f7669ef3c1a56814db93427

SHA1
c2fa018b1a9e2f4bf5371a856d829dc1bf8cd2e2

SHA256
1766934511010b7507dcd667be5b39529a073b283913bf92ecee4bf2672ceb80

SHA512
109d665609fe4f3eb7859586b22d8b5060fef08da330f6e0d006dc128f9f8fbc25ef8cf9b2ef774b2f51bf99d94713aff62eb602bb07e56a1153ed19054dfdbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74e75866b12f72bd760d2acf517863e0

SHA1
652f57a8eb4c1f6d919067d0e975891e59106919

SHA256
62653105839bee0f8db3e47626d1eb08d886201421b3619413a5183253c91843

SHA512
8b734ff7f2018f66ac336be6cde6af57de20472a1c3561ad370a1686a43be2b605c05418eb4468748022d51d6d79181337c29eac95e876a22e1497bbcdbec0ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83a30b5013b2d125e5ca5b72a54792ff

SHA1
bc6b14e9e31c349f5a6c28e38f601d82d143e8d2

SHA256
40593a4ffc3a7e8cb8159e3ce81a64832e1c353eb265d4a30851ff2ac87b318a

SHA512
90123f7d989bda44d092a7a39ab853c4ea99d6c6edd4665f258555a8712d7a5d19d6cf4e312687c0de729dc333b43f19e8d0ee4c81e42462f45ab32f40b9a550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1123a80210bcc84a1a401ad4d346ddb

SHA1
30f68d959060fd3a28bf4b3fe8de1445f19e093b

SHA256
c0a535b961a98c08672a54aecab06c26dee05fdad87372d6b49782a32890cdb6

SHA512
f7bf7e1aec38f470d3a8592da6026f65541b6be210449495115d45d1bca7290b0d694128fe5f5827596bb73c9edcf49ef6fdf867f8fb5597c01496f73a7d7b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
825a85d69cadd9b772d6d45fbf035172

SHA1
9be27c9dc07122cb0aae2da7e5399be64c60d582

SHA256
a72ab8fbc7cb2c4705b1b057a262a338ccc2955d194dc74546f8c23d4628bb3c

SHA512
96c3f9a2095f39b2529b742ab1df5d122ac58118ab459e83995aa41f6d517576f0ee5499cfbbfbe7768c5c47ea2fcb5ceef4492066a0955d0b1dc28a220920c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
802c89c99bb39ace58c3742ffc6140e3

SHA1
3c5523c6b3d026d63ceb148a7b7efdf6633a379c

SHA256
7efe66f00c51bcb2a7edd34e604b8a52ec64203737575a2f9fc9a0f4c476331b

SHA512
628ad690a1c5762e0b448146554e3c3f902ea0b46d5550f13c89cb16e0899fe95937dbfb071c202720d3cf100b6ff48cd8ca8a1e00bb6c256f40fce5e7349c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6db410fddb0dc28f79dd8e7099b39642

SHA1
692151343530728ab63c36fdd6d690a2b00891d5

SHA256
9d56ac2d9bd10c0f0e03140af1f3c23a7b0ca6a4396caf3aeb47d8d0c731c819

SHA512
8b659a6d65477c8beb516f3e96b8c78fc9e7545aa6bad56fe4e7ede8618c2c32c251c40669477a02c19b2a23895b85852dfa64703b4e0442040f21d9fd7d2776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5adaa3b7ece73ff1d60d512140eb056c

SHA1
90833d09281187d02d7118cedb073def5296ec1a

SHA256
003c897c993463f57348a7515a9b5ade67e498694ca5b6d5b63fc6327ac10e0e

SHA512
01dde634959f3ded829b55675c60402c725aad518a4ccfa3502a4057c01b650e3384125c617208828d6a8ed7f7bd39c35d20ac3e34a42d0b778d8db97b785d3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a3550fa50ee1b55849a0b396b27db02

SHA1
3ce39674833e5f0ed5ec58c6299f947996c24d50

SHA256
0418a7ebaa0af521d842f695da7568c6b984e504080de7928bb72f0a18c9c9c2

SHA512
79b356efee62f72517a2e74e6915e15740f8bf1d86a94b18995c7b906e08be34ab840f65394417d918d7afcc490474dde8831f6d4b2f1b9ad77789e48ca53ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79df4e35a21ff2d9fee6560caacf535b

SHA1
da216baa387ec403e11b54a29f31fcc0cfd5207d

SHA256
71b7347c58d8d82d8d2444d347198a61f5fe2c3284024906c3efe84e9735a931

SHA512
a725523b087871c28ee6806254bbbe2f93d5a7167abad24fc8b17161983fb646ddebfe672e82889cf0783f8d6ca3f750db06965a039a62f491b9674b42662fbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0165a6f2de32af93621654eac89c4485

SHA1
e9ead2b9ac32d6dd56139c6584d9644bda121c75

SHA256
0e108d7324f5922aace3772eee7e838b823bfb2f8004965c68f817297b93c8d7

SHA512
7296bd13f72b2af9ecebf54a7fb40ed0207486ff408917a6ddc5220958a8f8019897e436ca84aedd4e29a888a3b4ee0767d0b0e2cbd090c90d7583169f2b54b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
468716349e0ae040d48113e31ca4c426

SHA1
01f6c5360748f08822ee9d5279fcf698e0f7ecb5

SHA256
35dcef34e8677377e402325c8abb769a711526bbbf5395d783109ba78dae7821

SHA512
cba4329667b4355eb28c980fa1b3be20c31b856199058a7e2a3d8d749d4cac6fe8bac5bcfee7d84e11f48ddcdbc633b6a61e1122dd805059f8f002db0b3a7133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ed3653b54332f52225188e6867952c9

SHA1
26084a1cfa3f1896612d066cb9386d45e3324640

SHA256
44c5a5b605517e9834014d1bb19239514424bb1dfa60f1d16254be85fcb922e6

SHA512
bd428ac4deffbb71c0cc95b47986831f4ecae12cd89d48de46164ee2de1961e234a3a4b1d6c38fe08d47e4b2d7145965c96b27f47a55c70a4cfacc88d3a1bbab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf0620237ca2b645129ca2f365a820fa

SHA1
bd81756593a7c0a274c55624e01670f05600a2c0

SHA256
4ffc0569aba9d24a31d7ffdb8163abb2301610b6481673c8a7fee4214d37c264

SHA512
b75f7ccef500b3251722111d6c45eb87bd0680c7f21c3cea1de91bc71d32da7bad6bea2c65c513c7fd59c3f9774139bcfff89746faf18c5fdd071fb9761deddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76a2af222f0d2ff9dd2306535db52ade

SHA1
5a48309d71917a96134983474a9fbaf2c38666a3

SHA256
1b276d0bd20da97341aae9789e3eba3e1b84d42d67eaf2798878929c79683ebc

SHA512
fee14531aa14f5c4a83401f311b45e3c9c5f0ec8f8a73d2c841ea1d5cd58dbf1cde6812a57cabff1d5aebdecd4628faaadb924d1873ce96e61843276dc8da5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E3E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8EBE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit